CVE-2026-13558
CodeAstro Complaint Management System Report addreport cross site scripting
CVSS Score
3.5
EPSS Score
0.0%
EPSS Percentile
0th
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
| CWE | CWE-79 CWE-94 |
| Vendor | codeastro |
| Product | complaint management system |
| Published | Jun 29, 2026 |
| Last Updated | Jun 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for codeastro complaint management system
Be the first to know when new low vulnerabilities affecting codeastro complaint management system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
CodeAstro / Complaint Management System
1.0
References
vuldb.com: https://vuldb.com/vuln/374566 vuldb.com: https://vuldb.com/vuln/374566/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13558 vuldb.com: https://vuldb.com/submit/843714 github.com: https://github.com/ashikmd0507/CVE/blob/main/Stored%20XSS%20in%20Report%20Title%20Field%20Allows%20Script%20Execution%20in%20Admin%20Panel/README.md codeastro.com: https://codeastro.com/
Credits
๐ ashikmd7 (VulDB User)